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REMARKS 

Applicants appreciate the thorough review of the present application as reflected in the 
Office Action. Applicants also appreciate the Examiner's indication that Applicants arguments 
in their previous Amendment were persuasive and that the earlier rejections have been 
withdrawn. Applicants have now amended the independent Claims 1, 20, and 39 to include the 
recitations of Claims 2, 21, and 40, respectively. Claims 2, 21, and 40 have been canceled. 
Applicants submit that the claims are patentable over the cited references for the reasons 
discussed below. 



Independent Claims 1, 10, 20 n 29, 39, and 48 are Not Anticipated by Basil 

Claims 1-13, 15-17, 20-32, 34-36, 39-51 and 53-55 stand rejected as anticipated under 35 
U.S.C. § 102(e) by United States Patent No. 6,779,051 to Basil et al. (hereinafter "Basil"). 

Claim 1 has been amended to include the recitations of Claim 2 so as to more clearly 
recite a method for providing secure communications over a network in a distributed workload 
environment in which a distribution processor distributes received network communications to 
selected target hosts. In particular amended Claim 1 recites (emphasis added): 

1 . (Currently Amended) A method for providing secure communications 
over a network in a distributed workload environment having target hosts which are 
accessed through a distribution processor by a common network address, the method 
comprising the steps of: 

routing both inbound and outbound communications with target hosts which are 
associated with a secure network communication through the distribution processor ; 

processing both inbound and outbound secure network communications at the 
distribution processor so as to provide network security processing of communications 
from the target host and network security processing of communications to the target 
host; 

receiving at the distribution processor, network communications directed to the 
common network address: and 

distributing the received network communications to selected ones of the target 
hosts so as to distribute workload associated with the network communications . 

The Office Action summarily contends that FIGS. 1, 7, and 12A-B of Basil discloses 
each and e very recitation of Claim 1 without providing any references to where in the 
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specification of Basil it discloses any of the recitations of Claim 1 and much less each and every 
recitation of Claim 1. 

Basil is directed to a multicast data protocol that uses a multicast address to determine an 
end point address of a generic routing encapsulation (GRE) tunnel which is used to forward a 
data packet to many devices. (Basil, Abstract). More particularly, Basil refers to FIG. 1 and 
describes the multicast data protocol as follows: 

Each tunnel has a multicast address . Each tunnel end point device [has] a 
physical TP address and a logical IP address. The logical IP address is an IP address that 
is statically configured over a GRE tunnel end point device . The physical IP address is 
the network (IP) address of the end point device and is used by the delivery protocol to 
deliver data packets through GRE tunnels to remote devices. 

Devices 12, 14 and 16 are routers, or other computing devices, which receive data 
packets (either from a GRE tunnel or a LAN) and which forward the data packets to their 
intended destinations (either via a GRE tunnel or on the LAN). 
(Basil, Col. 3, lines 14-25, emphasis added). 

Thus, Basil is describing with reference to FIG. 1 a multicast protocol in which multicast 
addresses are statically mapped to logical IP addresses. Referring to FIG. 7, Basil describes a 
portion of the multicast process that looks up a forwarding address (physical IP address) for a 
destination device from a static routing table . (See Basil, Col. 4, line 65 - Col. 5, line 10). 
FIGS. 12A-B describe a process that is executed at an end point device to reply to an address 
resolution protocol (ARP) broadcast packet from device 12, which is a multicast router. The 
multicast router (device 12) uses the ARP replies to determine the physical IP address of end 
point devices. 

Accordingly, Basil discloses a multicast system that maps multicast addresses to physical 
IP addresses. It does not disclose a method for providing secure communications over a network 
in a distributed network environment. The multicast router (device 12) of Basil routes inbound 
communication from one device to many statically mapped devices. Basil does not disclose that 
the multicast router or any other device serves as a distribution processor that receives network 
communications directed to common network address and distributes those communications to 
selected target hosts to distribute workload associated with the network communications. 

Accordingly, Applicants submit that at least the above-underlined recitations of Claim I 
are not disclosed by Basil and, consequently, that Claim 1 is not anticipated by Basil. Applicants 
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request that if the rejection of Claim 1 is maintained that the Examiner provide Applicants with 
detailed citations of where the description of Basil is contended to disclose each recitation of the 
claimed method. 

Independent Claims 20 and 39 are system and computer program product claims that 
correspond to the method of Claim 1, and are submitted to not be anticipated by Basil for at least 
the reasons explained above for Claim 1. 

Independent Claim 10 recites: 

10. (Original) A method providing Internet Protocol Security (IPSec) 
communications from a network to a plurality of application instances executing on a 
cluster of data processing systems utilizing virtual Internet Protocol Address (VIP A) 
Distributor to provide a routing communication protocol stack which distributes 
connections to at least one dynamically routable VIPA (DVIPA) to a plurality of target 
communication protocol stacks, the method comprising the steps of: 

receiving inbound IPSec communications to the DVIPA from the network at the 
routing communication protocol stack; 

performing IPSec processing of the received inbound IPSec communications at 
the routing communication protocol stack to provide non-IPSec communications to a first 
target communication protocol stack associated with the received inbound IPSec 
communications; 

receiving outbound non-IPSec communications associated with the DVIPA from 
a second target communication protocol stack at the routing communication protocol 
stack; and 

performing IPSec processing on the received outbound non-IPSec 
communications at the routing communication protocol stack to provide outbound IPSec 
communications to the network corresponding to the received outbound non-IPSec 
communications. 

Applicants note that the Office Action has again summarily contended that FIGS. 1 , 7, 
and 12A-B of Basil disclose each and every recitation of Claim 10 without providing any 
reference to where in the speci fication of Basil it discloses any of the recitations of Claim 10. 
Accordingly, the Office Action has provided no more particular grounds for rejecting Claim 1 0 
than was provided for Claim 1 . However, Claim 10 recites in more particular detail a method for 
providing Internet Protocol Security (IPSec) communications from a network to a plurality of 
application instances executing on a cluster of data processing systems utilizing a virtual Internet 
Protocol Address (VIPA) Distributor to provide a routing communication protocol stack which 
distributes connections to at least one dynamically routable VIPA (DVIPA) to a plurality of 
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target communication protocol stacks. The Office Action summarily contends that FIGS. 7 and 
12A-B of Basil discloses this portion of the recited method of Claim 10. As explained above, 
Basil describes a multicast system and does not contain any description of a method for 
providing secure communications or, much less, the method for providing IPSec communication 
recited in Claim 10. 

Claim 10 also recites that the method includes performing IPSec processing of the 
received inbound IPSec communications at the routing communication protocol stack to provide 
non-IPSec communications to a first target communication protocol stack associated with the 
received inbound IPSec communications. The Office Action merely cites to FIGs. 7 and 12A-B 
of Basil as disclosing this recitation. However, neither those figures nor any other portion of 
Basil discloses the recited IPSec processing of inbound IPSec communications. 

Claim 10 further recites that the method includes receiving outbound non-IPSec 
communications associated with the DVIPA from a second target communication protocol stack 
at the routing communication protocol stack. Once again, the Office Action merely cites to 
FIGs. 7 and 12A-B of Basil as disclosing this recitation. However, neither those figures nor any 
other portion of Basil discloses the recited receiving at a routing communication protocol stack 
outbound non-IPSec communications associated with the DVIPA from a second target 
communication protocol stack. 

Claim 10 further recites that the method includes performing IPSec processing on the 
received outbound non-IPSec communications at the routing communication protocol stack to 
provide outbound IPSec communications to the network corresponding to the received outbound 
non-IPSec communications. Once again, the Office Action merely cites to FIGs. 7 and 12A-B of 
Basil as disclosing this recitation. However, neither those figures nor any other portion of Basil 
discloses this recitation. 

Accordingly, Applicants submit none of the recited paragraphs of the method of Claim 10 
are disclosed by Basil and, consequently, that Claim 1 0 is not anticipated by Basil. Applicants 
request that if the rejection of Claim 1 0 is maintained that the Examiner provide Applicants with 
detailed citations of where the description of Basil is contended to discloses each recitation of the 
claimed method. 
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Independent Claims 29 and 48 are system and computer program product claims that 
correspond to the method of Claim 10, and are submitted to not be anticipated by Basil for at 
least the reasons explained above for Claim 10. 

The dependent claims are submitted to be patentable at least per the patentability of the 
independent claims from which they depend. 



In light of the above amendments and remarks, Applicants respectfully submit that the 
above-entitled application is now in condition for allowance. Favorable reconsideration of this 
application, as amended, is respectfully requested. 
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